» Survey reveals dangerous lack of knowledge about virtualization3 November 2008 - More than forty per cent of IT directors and managers that have implemented server virtualization may have left their IT networks open to attack because they wrongly believe that security was built in.
These shock findings were revealed today when network security vendor Clavister published a survey it commissioned from international research and consulting organisation, YouGov*.

With virtualization now one of the boom technologies of the IT world, the extent of the problem was emphasized when 38 per cent of survey participants admitted that they had already implemented the technology. Virtualisation brings environmental benefits, cost savings and management efficiencies.

"When companies implement virtualization, it is very dangerous for them to believe that everything is automatically secure because they can actually face new security threats," explains Andreas Asander, VP product management at Clavister.

"Virtualization offers new points of attack and gives access to a far wider number of applications than a traditional physical server. It is vital that IT staff take steps to achieve the same level of security in their virtualized environment that they had in their traditional environment."

Clavister has developed a five-point check-list for IT managers and directors who are considering the adoption of virtualization. They should:

Re-define the security policy to include the virtualization aspect

Use virtual security gateways which run inside the virtual infrastructure

Protect the virtual administration center and only allow access to this from a separate network

Limit the number of administrators who have access to the virtualization administration tools to a minimum

Evaluate and test the security level on a regular basis. Replicating the production environment to a test environment is easy with virtualization and this should be utilized.

* All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 212 private sector IT or Telecoms Directors and Senior Managers. Fieldwork was undertaken between 22nd - 29th September 2008. The survey was carried out online.